Possible Virus or Malware (on machines in my network with same behavior)


23 replies to this topic

#1 GinoM


Posted 08 June 2014 - 12:20 PM

Hello, I'm not sure what I have in my system but it's been showing these signs for some time. I am still not certain what it can be through process of elimination. I'm an IT guy but not as much when it comes to hardware. I've never had an issue in the past but I'm assuming something was introduced to my local network when my elderly neighbors were allowed onto my wifi and suspect they introduced something that went through all my home PCs.

What I'm experiencing is when CLICKING on a link in browsers, occasionally it will spawn new browser windows on its own (or tabs depending on the browser settings). Chrome and IE have seen the same issue. Seems to have been occurring the last few weeks. I think it's something on the network since my laptop, which wasn't on the network for 6 months and had no issues, started seeing this within 3 minutes of booting up on the network just as my desktop. It's always a scam in the newly spawned browser about downloading a new Chrome update, Adobe or something else from a non-reputable URL link that I don't click, download or agree to.

I've since disconnected the neighbor from my network and will use a guest system in the future for a partitioned network as such but how do I go about cleaning out my machines? Can it be the router that's infected? Both machines are Windows 7 (desktop and laptop).

I've tried almost all details seen here: http://www.bleepingcomputer.com/forums/t/514989/browsers-repeatedly-spawn-new-windows-or-tabs/ but that didn't rid the problem although I did see something about PRCView in the final test?

Anyway, I could use some help. Just tell me what to download or post the logs to and tell me how to start the removal of these from my machines. (Good news is that I do have a work mifi as well in case I need to use another network if needed to keep one "offline" so that they don't just reinfect each other when cleaned out. Something to keep in mind.)


Edited by Queen-Evie, 08 June 2014 - 12:37 PM.
moved from Windows 7 to the appropriate forum




#2 dc3


Posted 08 June 2014 - 02:14 PM

Please run the following scans.

Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.

When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 GinoM


Posted 08 June 2014 - 07:26 PM

ESET Log:

 

C:\$Recycle.Bin\S-1-5-21-127214699-3052275660-2932775468-1000\$RL7PAA6.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-127214699-3052275660-2932775468-1000\$RP12PN1.exe Win32/InstallIQ potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Cisco Systems\VPN Client\Process.exe Win32/PrcView potentially unsafe application deleted - quarantined
C:\Users\Gino\Desktop\Thumbdrive\VPNIPSecClient.exe Win32/PrcView potentially unsafe application deleted - quarantined
 
 
 
 
Malware Bytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/8/2014
Scan Time: 7:30:40 PM
Logfile: Malware Bytes Export Log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.08.07
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gino
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275973
Time Elapsed: 10 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner:
# AdwCleaner v3.212 - Report created 08/06/2014 at 20:20:55
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gino - GINOLAPTOP-WIN7
# Running from : C:\Users\Gino\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Gino\AppData\Local\PackageAware
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v3.6.18 (en-US)
 
[ File : C:\Users\Gino\AppData\Roaming\Mozilla\Firefox\Profiles\yqaqpgjn.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Gino\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1645 octets] - [08/06/2014 19:46:13]
AdwCleaner[S0].txt - [1802 octets] - [08/06/2014 20:20:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1862 octets] ##########
 


#4 dc3


Posted 09 June 2014 - 09:46 AM

 
Please download TDSSKiller from here and save it to your Desktop.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
tds2.jpg
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
2012081514h0118.png
 
3.  Click Start Scan and allow the scan process to run.
 
 
tds4-1.jpg
 
4.  If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
Click Continue.
 
 
tds6.jpg
 
5.  Click Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.



#5 GinoM


Posted 09 June 2014 - 05:53 PM

No threats detected.

 

Unable to post file here in text since the text editor here just craps the bed.

 

Try this though if you want to view.  Added to a public folder in Google Drive:



#6 dc3


Posted 10 June 2014 - 07:59 AM

Please download and install Speccy to provide us with information about your computer.  When  FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox, save it to your desktop and run it.
 
 Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.



#7 GinoM


Posted 10 June 2014 - 08:06 AM

Speccy:

http://speccy.piriform.com/results/xLfeg4St172byR5tyszEcen

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Gino (administrator) on 10-06-2014 at 09:05:24
Running from "C:\Users\Gino\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/10/2014 01:23:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/10/2014 01:22:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/08/2014 04:26:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/08/2014 04:26:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/08/2014 04:25:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/08/2014 03:51:57 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc0000005
Fault offset: 0x0000000000001b5b
Faulting process id: 0xc98
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/01/2014 04:42:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/29/2013 02:36:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/25/2013 01:24:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/22/2013 02:58:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (06/03/2014 07:45:18 PM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1069
 
Error: (06/03/2014 07:45:18 PM) (Source: Service Control Manager) (User: )
Description: The VSS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%1352
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/03/2014 07:45:18 PM) (Source: DCOM) (User: )
Description: 1069VSS{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
 
Error: (06/03/2014 07:44:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (12/08/2013 00:46:58 PM) (Source: HTTP) (User: )
Description: 
 
Error: (11/11/2013 00:59:52 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error: 
%%1069
 
Error: (11/11/2013 00:59:52 AM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/11/2013 00:59:52 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (11/10/2013 04:03:23 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (11/10/2013 04:03:22 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
Microsoft Office Sessions:
=========================
Error: (06/10/2014 01:23:12 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (06/10/2014 01:22:08 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/08/2014 04:26:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gino\Desktop\esetsmartinstaller_enu.exe
 
Error: (06/08/2014 04:26:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gino\Desktop\esetsmartinstaller_enu.exe
 
Error: (06/08/2014 04:25:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gino\Desktop\esetsmartinstaller_enu.exe
 
Error: (06/08/2014 03:51:57 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4DUI70.dll6.1.7600.163854a5bdf25c00000050000000000001b5bc9801cf82ee6019a430C:\Windows\Explorer.EXEC:\Windows\system32\DUI70.dllc3486323-eee1-11e3-b00a-0026b925cd5d
 
Error: (01/01/2014 04:42:09 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (12/29/2013 02:36:05 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (12/25/2013 01:24:43 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (12/22/2013 02:58:29 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader 9.3.2 (Version: 9.3.2)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 10.12.0.00122)
ATI Catalyst Control Center (Version: 2.009.1118.1259)
ATI Catalyst Install Manager (Version: 3.0.758.0)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.1118.1260.23275)
Catalyst Control Center Core Implementation (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full Existing (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Full Existing (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full New (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Full New (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Light (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Light (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Common (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Previews Common (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Vista (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (Version: 2009.1118.1260.23275)
Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002)
Catalyst Control Center Localization All (Version: 2009.1118.1260.23275)
Catalyst Control Center Localization All (Version: 2010.0122.858.16002)
CCC Help Chinese Standard (Version: 2009.1118.1259.23275)
CCC Help Chinese Standard (Version: 2010.0122.0857.16002)
CCC Help Chinese Traditional (Version: 2009.1118.1259.23275)
CCC Help Chinese Traditional (Version: 2010.0122.0857.16002)
CCC Help Danish (Version: 2009.1118.1259.23275)
CCC Help Danish (Version: 2010.0122.0857.16002)
CCC Help Dutch (Version: 2009.1118.1259.23275)
CCC Help Dutch (Version: 2010.0122.0857.16002)
CCC Help English (Version: 2009.1118.1259.23275)
CCC Help English (Version: 2010.0122.0857.16002)
CCC Help Finnish (Version: 2009.1118.1259.23275)
CCC Help Finnish (Version: 2010.0122.0857.16002)
CCC Help French (Version: 2009.1118.1259.23275)
CCC Help French (Version: 2010.0122.0857.16002)
CCC Help German (Version: 2009.1118.1259.23275)
CCC Help German (Version: 2010.0122.0857.16002)
CCC Help Italian (Version: 2009.1118.1259.23275)
CCC Help Italian (Version: 2010.0122.0857.16002)
CCC Help Japanese (Version: 2009.1118.1259.23275)
CCC Help Japanese (Version: 2010.0122.0857.16002)
CCC Help Korean (Version: 2009.1118.1259.23275)
CCC Help Korean (Version: 2010.0122.0857.16002)
CCC Help Norwegian (Version: 2009.1118.1259.23275)
CCC Help Norwegian (Version: 2010.0122.0857.16002)
CCC Help Portuguese (Version: 2009.1118.1259.23275)
CCC Help Portuguese (Version: 2010.0122.0857.16002)
CCC Help Russian (Version: 2009.1118.1259.23275)
CCC Help Russian (Version: 2010.0122.0857.16002)
CCC Help Spanish (Version: 2009.1118.1259.23275)
CCC Help Spanish (Version: 2010.0122.0857.16002)
CCC Help Swedish (Version: 2009.1118.1259.23275)
CCC Help Swedish (Version: 2010.0122.0857.16002)
ccc-core-static (Version: 2009.1118.1260.23275)
ccc-core-static (Version: 2010.0122.858.16002)
ccc-utility64 (Version: 2009.1118.1260.23275)
ccc-utility64 (Version: 2010.0122.858.16002)
CDDRV_Installer (Version: 4.60)
ChromecastApp (Version: 1.5.316.0)
Cisco AnyConnect VPN Client (Version: 2.5.2006)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Dell Communications (Support Software) (Version: 1.0.09094)
Dell Dock (Version: 2.0)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Mobile Broadband Manager (Version: 6.1.6.2)
Dell Mobile Broadband Utility (Version: 3.00.23.003)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless HSPA Mini-Card Drivers (Version: 6.1.13.8)
Digital Line Detect (Version: 1.21)
DraftDominator Version 14.0m
EasyTether (Version: 1.1.12)
erLT (Version: 1.20.0137)
ESET Online Scanner v3
FastAccess (Version: 2.4.95.1)
FileZilla Client 3.3.4.1 (Version: 3.3.4.1)
Google Chrome (Version: 35.0.1916.114)
Google Desktop (Version: 5.9.1005.12335)
Google Talk Plugin (Version: 5.4.2.18903)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.24.7)
GoToAssist 8.0.0.514
Hauppauge TV Tuner Diagnostics (1.2.7076) (Version: 1.2.7076)
Hauppauge TV Tuner Driver (Version: 1.88.27090.1)
Hauppauge TV Tuner Driver (Version: 4.2.10.27180)
IDT Audio (Version: 1.0.6267.0)
InstallVC90Support (Version: 1.01.0000)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
iTunes (Version: 11.1.3.8)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
KhalInstallWrapper (Version: 2.00.0000)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 2.0.2.1012 (Version: 2.0.2.1012)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft IntelliType Pro 8.0 (Version: 8.0.225.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Diagnostics Tool (Version: 1.0.22.0)
Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US))
MSVCRT (Version: 14.0.1468.721)
My Dell (Version: 3.5.6426.22)
myfantasyleague.com Game Day 2011 (Version: 1.0)
NetWaiting (Version: 2.5.46)
Norton 360 (Version: 21.3.0.12)
Norton Management (Version: 3.2.2.12)
OpenOffice.org 3.2 (Version: 3.2.9502)
Picasa 3 (Version: 3.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Qualcomm Gobi 2000 Package for Dell (Version: 1.1.100)
Quickset64 (Version: 9.6.10)
QuickTime (Version: 7.70.80.34)
RIFT (Version: 1.0.0)
RMC Personal Lite 1.0 RC1 (Version: 1.0.0.0)
Skins (Version: 2009.1118.1260.23275)
Speccy (Version: 1.26)
Sprint Mobile Broadband (Novatel Wireless) - Lite (Version: 3.10.014)
Synaptics Pointing Device Driver (Version: 14.0.2.0)
Trillian
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Warhammer Online - Age of Reckoning (Version: )
WebSlingPlayer ActiveX (Version: 1.5.1118)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Zune (Version: 04.02.0202.00)
Zune Language Pack (DE) (Version: 04.02.0202.00)
Zune Language Pack (ES) (Version: 04.02.0202.00)
Zune Language Pack (FR) (Version: 04.02.0202.00)
Zune Language Pack (IT) (Version: 04.02.0202.00)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 54%
Total physical RAM: 4020.54 MB
Available physical RAM: 1835.86 MB
Total Pagefile: 8039.26 MB
Available Pagefile: 5560.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.19 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:451.07 GB) (Free:311.77 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\GINOLAPTOP-WIN7
 
Administrator            Gino                     Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#8 GinoM

Posted 10 June 2014 - 08:55 AM

One thing to remember... these are the specs of my LAPTOP. As my intro states, this same behavior (opening a new tab and trying to trick me into downloading new drivers, Adobe, etc.) is happening on my desktop as well. As it also states, I think it's going through my internal network. I've since separated my laptop from my desktop's network. It's standalone now or uses my MiFi for connectivity to download these tools.



#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,676 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:20 AM

Posted 10 June 2014 - 09:08 AM

Is the problem continuing while set as a standalone?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#10 GinoM

Posted 10 June 2014 - 09:10 AM

Indeed it is.



#11 GinoM

Posted 10 June 2014 - 11:01 PM

Any follow-up on this? Just came in. Happened on the laptop as I was refreshing this thread on a network independent of my home network.



#12 dc3


Posted 11 June 2014 - 09:18 AM

How many computers are we talking about?

 

Is the computer on the independent network the only one on this network?

 

Are these computers using the same browser?

 

If so, what browser are they using?



#13 GinoM

Posted 11 June 2014 - 09:42 AM

I listed most all of this in my initial post above. May want to review it as I pretty much laid it out with great detail.

I'll summarize your questions though, but please do re-read my first post.

3 computers on my network. 2 desktops (1 mine, 1 neighbor's), 1 laptop.

The log files that I've been sending you are from my laptop, which I've removed from my home network and which is just standalone now, using my company's MiFi for internet connectivity, and it continues to have the problem. I suspect that something got inside my internal network since my laptop started experiencing the same behavior as my desktop after its first time connected to the network in 6 months (within about 5 minutes it started doing this, just after me blowing off the dust and booting it up, without clicking any links).

I primarily use Chrome as my browser. I've also seen this behavior on Internet Explorer, however, as I tested it. My Chrome setting for "new" links is a new tab, while in IE it's a new window by default, and that's the behavior I've seen persist. New windows spawn in those browsers on their own occasionally as I click legit links on legit websites. My primary browser window will show the link I want, but it's like I'm making an additional request to open another browser session (tab or window depending on browser) that tries to tell me with a JavaScript popup that something needs updating, and then a page loads for what is an obvious scam to "update" a Chrome browser, Adobe version or another scam which is no doubt a virus or malware trick installer.



#14 dc3


Posted 11 June 2014 - 09:52 AM

I'm aware of what you posted initially, but I needed to know how many computers were on which networks.  This was changed after you started this topic.

 

One possibility is that this could be caused by tab tearing.

 

See if this looks familiar.



#15 GinoM

Posted 11 June 2014 - 06:59 PM

No, not at all unfortunately.

 

I will do a jinx record and screencast in my next link to reproduce it and share.





